Fedora 27: gimp Security Update
Summary
GIMP (GNU Image Manipulation Program) is a powerful image composition and
editing program, which can be extremely useful for creating logos and other
graphics for webpages. GIMP has many of the tools and filters you would expect
to find in similar commercial offerings, and some interesting extras as well.
GIMP provides a large image manipulation toolbox, including channel operations
and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all
with multi-level undo.
Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787
CVE-2017-17788 CVE-2017-17789
[ 1 ] Bug #1529147 - CVE-2017-17785 gimp: Heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c
https://bugzilla.redhat.com/show_bug.cgi?id=1529147
[ 2 ] Bug #1529146 - CVE-2017-17789 gimp: Heap-based buffer overflow in read_channel_data function in plug-ins/common/file-psp.c
https://bugzilla.redhat.com/show_bug.cgi?id=1529146
[ 3 ] Bug #1529145 - CVE-2017-17786 gimp: Heap-based buffer over-read in ReadImage function in plug-ins/common/file-tga.c
https://bugzilla.redhat.com/show_bug.cgi?id=1529145
[ 4 ] Bug #1529144 - CVE-2017-17784 gimp: Heap-based buffer over-read in load_image function in plug-ins/common/file-gbr.c
https://bugzilla.redhat.com/show_bug.cgi?id=1529144
[ 5 ] Bug #1529143 - CVE-2017-17787 gimp: Heap-based buffer over-read in read_creator_block function in plug-ins/common/file-psp.c
https://bugzilla.redhat.com/show_bug.cgi?id=1529143
[ 6 ] Bug #1529141 - CVE-2017-17788 gimp: Stack-based buffer over-read in xcf_load_stream function in app/xcf/xcf.c
https://bugzilla.redhat.com/show_bug.cgi?id=1529141
su -c 'dnf upgrade gimp' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
FEDORA-2018-67b75f73fa 2018-01-09 23:48:23.446682 Product : Fedora 27 Version : 2.8.22 Release : 3.fc27 URL : https://www.gimp.org/ Summary : GNU Image Manipulation Program Description : GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789 [ 1 ] Bug #1529147 - CVE-2017-17785 gimp: Heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c https://bugzilla.redhat.com/show_bug.cgi?id=1529147 [ 2 ] Bug #1529146 - CVE-2017-17789 gimp: Heap-based buffer overflow in read_channel_data function in plug-ins/common/file-psp.c https://bugzilla.redhat.com/show_bug.cgi?id=1529146 [ 3 ] Bug #1529145 - CVE-2017-17786 gimp: Heap-based buffer over-read in ReadImage function in plug-ins/common/file-tga.c https://bugzilla.redhat.com/show_bug.cgi?id=1529145 [ 4 ] Bug #1529144 - CVE-2017-17784 gimp: Heap-based buffer over-read in load_image function in plug-ins/common/file-gbr.c https://bugzilla.redhat.com/show_bug.cgi?id=1529144 [ 5 ] Bug #1529143 - CVE-2017-17787 gimp: Heap-based buffer over-read in read_creator_block function in plug-ins/common/file-psp.c https://bugzilla.redhat.com/show_bug.cgi?id=1529143 [ 6 ] Bug #1529141 - CVE-2017-17788 gimp: Stack-based buffer over-read in xcf_load_stream function in app/xcf/xcf.c https://bugzilla.redhat.com/show_bug.cgi?id=1529141 su -c 'dnf upgrade gimp' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Change Log
References